beforemerge-supabase-review

Comprehensive code review rules for Supabase applications including RLS security, auth patterns, query performance, migration workflows, and type safety. Use this skill when reviewing, writing, or refactoring Supabase-backed code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for Supabase/PostgreSQL projects.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "beforemerge-supabase-review" with this command: npx skills add beforemerge/beforemerge-skills/beforemerge-beforemerge-skills-beforemerge-supabase-review

BeforeMerge: Supabase Review

Comprehensive code review knowledge base for Supabase applications. Contains rules across 4 categories — security, performance, architecture, and quality — prioritized by impact.

When to Apply

Reference these rules when:

  • Reviewing pull requests that touch Supabase queries, RLS policies, or migrations
  • Writing new database tables, policies, or server-side Supabase calls
  • Auditing existing code for RLS gaps, auth misuse, or query anti-patterns
  • Refactoring Supabase integration for performance or maintainability
  • Running pre-merge quality checks on Supabase-related changes

Rule Categories by Priority

PriorityCategoryImpactPrefixFocus
1SecurityCRITICALsec-RLS, auth, service role, migration safety
2PerformanceHIGHperf-Query optimization, connection pooling, pagination
3ArchitectureMEDIUMarch-Client selection, type generation, migration structure
4QualityLOW-MEDIUMqual-Error handling, input validation, unchecked errors

How to Use

Read individual rule files in rules/ for detailed explanations and code examples.

Each rule contains:

  • Brief explanation of why it matters
  • Incorrect code example with explanation
  • Correct code example with explanation
  • CWE/OWASP mapping where applicable
  • References to official documentation

For the complete compiled guide: AGENTS.md

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

beforemerge-react-review

No summary provided by upstream source.

Repository SourceNeeds Review
5-beforemerge
Security

skillguard-hardened

Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI intent review, then recommends pass, warn, block, or quarantine.

Archived SourceRecently Updated
--2404589803
Security

api-contract-auditor

审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.

Archived SourceRecently Updated
--52yuanchangxing
Security

ai-workflow-red-team-lite

对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。;use for red-team, ai, workflow workflows;do not use for 输出可直接滥用的攻击脚本, 帮助破坏系统.

Archived SourceRecently Updated
--52yuanchangxing